contrib/wpa_supplicant/src/wps/wps_attr_process.c

   1 /*
   2  * Wi-Fi Protected Setup - attribute processing
   3  * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "includes.h"
  10
  11 #include "common.h"
  12 #include "crypto/sha256.h"
  13 #include "wps_i.h"
  14
  15
  16 int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator,
  17                               const struct wpabuf *msg)
  18 {
  19         u8 hash[SHA256_MAC_LEN];
  20         const u8 *addr[2];
  21         size_t len[2];
  22
  23         if (authenticator == NULL) {
  24                 wpa_printf(MSG_DEBUG, "WPS: No Authenticator attribute "
  25                            "included");
  26                 return -1;
  27         }
  28
  29         if (wps->last_msg == NULL) {
  30                 wpa_printf(MSG_DEBUG, "WPS: Last message not available for "
  31                            "validating authenticator");
  32                 return -1;
  33         }
  34
  35         /* Authenticator = HMAC-SHA256_AuthKey(M_prev || M_curr*)
  36          * (M_curr* is M_curr without the Authenticator attribute)
  37          */
  38         addr[0] = wpabuf_head(wps->last_msg);
  39         len[0] = wpabuf_len(wps->last_msg);
  40         addr[1] = wpabuf_head(msg);
  41         len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN;
  42         hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
  43
  44         if (os_memcmp_const(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) {
  45                 wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator");
  46                 return -1;
  47         }
  48
  49         return 0;
  50 }
  51
  52
  53 int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg,
  54                               const u8 *key_wrap_auth)
  55 {
  56         u8 hash[SHA256_MAC_LEN];
  57         const u8 *head;
  58         size_t len;
  59
  60         if (key_wrap_auth == NULL) {
  61                 wpa_printf(MSG_DEBUG, "WPS: No KWA in decrypted attribute");
  62                 return -1;
  63         }
  64
  65         head = wpabuf_head(msg);
  66         len = wpabuf_len(msg) - 4 - WPS_KWA_LEN;
  67         if (head + len != key_wrap_auth - 4) {
  68                 wpa_printf(MSG_DEBUG, "WPS: KWA not in the end of the "
  69                            "decrypted attribute");
  70                 return -1;
  71         }
  72
  73         hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
  74         if (os_memcmp_const(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
  75                 wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
  76                 return -1;
  77         }
  78
  79         return 0;
  80 }
  81
  82
  83 static int wps_process_cred_network_idx(struct wps_credential *cred,
  84                                         const u8 *idx)
  85 {
  86         if (idx == NULL) {
  87                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
  88                            "Network Index");
  89                 return -1;
  90         }
  91
  92         wpa_printf(MSG_DEBUG, "WPS: Network Index: %d", *idx);
  93
  94         return 0;
  95 }
  96
  97
  98 static int wps_process_cred_ssid(struct wps_credential *cred, const u8 *ssid,
  99                                  size_t ssid_len)
 100 {
 101         if (ssid == NULL) {
 102                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include SSID");
 103                 return -1;
 104         }
 105
 106         /* Remove zero-padding since some Registrar implementations seem to use
 107          * hardcoded 32-octet length for this attribute */
 108         while (ssid_len > 0 && ssid[ssid_len - 1] == 0)
 109                 ssid_len--;
 110
 111         wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", ssid, ssid_len);
 112         if (ssid_len <= sizeof(cred->ssid)) {
 113                 os_memcpy(cred->ssid, ssid, ssid_len);
 114                 cred->ssid_len = ssid_len;
 115         }
 116
 117         return 0;
 118 }
 119
 120
 121 static int wps_process_cred_auth_type(struct wps_credential *cred,
 122                                       const u8 *auth_type)
 123 {
 124         if (auth_type == NULL) {
 125                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
 126                            "Authentication Type");
 127                 return -1;
 128         }
 129
 130         cred->auth_type = WPA_GET_BE16(auth_type);
 131         wpa_printf(MSG_DEBUG, "WPS: Authentication Type: 0x%x",
 132                    cred->auth_type);
 133
 134         return 0;
 135 }
 136
 137
 138 static int wps_process_cred_encr_type(struct wps_credential *cred,
 139                                       const u8 *encr_type)
 140 {
 141         if (encr_type == NULL) {
 142                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
 143                            "Encryption Type");
 144                 return -1;
 145         }
 146
 147         cred->encr_type = WPA_GET_BE16(encr_type);
 148         wpa_printf(MSG_DEBUG, "WPS: Encryption Type: 0x%x",
 149                    cred->encr_type);
 150
 151         return 0;
 152 }
 153
 154
 155 static int wps_process_cred_network_key_idx(struct wps_credential *cred,
 156                                             const u8 *key_idx)
 157 {
 158         if (key_idx == NULL)
 159                 return 0; /* optional attribute */
 160
 161         wpa_printf(MSG_DEBUG, "WPS: Network Key Index: %d", *key_idx);
 162         cred->key_idx = *key_idx;
 163
 164         return 0;
 165 }
 166
 167
 168 static int wps_process_cred_network_key(struct wps_credential *cred,
 169                                         const u8 *key, size_t key_len)
 170 {
 171         if (key == NULL) {
 172                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
 173                            "Network Key");
 174                 if (cred->auth_type == WPS_AUTH_OPEN &&
 175                     cred->encr_type == WPS_ENCR_NONE) {
 176                         wpa_printf(MSG_DEBUG, "WPS: Workaround - Allow "
 177                                    "missing mandatory Network Key attribute "
 178                                    "for open network");
 179                         return 0;
 180                 }
 181                 return -1;
 182         }
 183
 184         wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", key, key_len);
 185         if (key_len <= sizeof(cred->key)) {
 186                 os_memcpy(cred->key, key, key_len);
 187                 cred->key_len = key_len;
 188         }
 189
 190         return 0;
 191 }
 192
 193
 194 static int wps_process_cred_mac_addr(struct wps_credential *cred,
 195                                      const u8 *mac_addr)
 196 {
 197         if (mac_addr == NULL) {
 198                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
 199                            "MAC Address");
 200                 return -1;
 201         }
 202
 203         wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR, MAC2STR(mac_addr));
 204         os_memcpy(cred->mac_addr, mac_addr, ETH_ALEN);
 205
 206         return 0;
 207 }
 208
 209
 210 static int wps_workaround_cred_key(struct wps_credential *cred)
 211 {
 212         if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
 213             cred->key_len > 8 && cred->key_len < 64 &&
 214             cred->key[cred->key_len - 1] == 0) {
 215 #ifdef CONFIG_WPS_STRICT
 216                 wpa_printf(MSG_INFO, "WPS: WPA/WPA2-Personal passphrase uses "
 217                            "forbidden NULL termination");
 218                 wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
 219                                       cred->key, cred->key_len);
 220                 return -1;
 221 #else /* CONFIG_WPS_STRICT */
 222                 /*
 223                  * A deployed external registrar is known to encode ASCII
 224                  * passphrases incorrectly. Remove the extra NULL termination
 225                  * to fix the encoding.
 226                  */
 227                 wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
 228                            "termination from ASCII passphrase");
 229                 cred->key_len--;
 230 #endif /* CONFIG_WPS_STRICT */
 231         }
 232
 233
 234         if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
 235             (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
 236                 wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
 237                 wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
 238                                       cred->key, cred->key_len);
 239                 return -1;
 240         }
 241
 242         return 0;
 243 }
 244
 245
 246 int wps_process_cred(struct wps_parse_attr *attr,
 247                      struct wps_credential *cred)
 248 {
 249         wpa_printf(MSG_DEBUG, "WPS: Process Credential");
 250
 251         /* TODO: support multiple Network Keys */
 252         if (wps_process_cred_network_idx(cred, attr->network_idx) ||
 253             wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
 254             wps_process_cred_auth_type(cred, attr->auth_type) ||
 255             wps_process_cred_encr_type(cred, attr->encr_type) ||
 256             wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
 257             wps_process_cred_network_key(cred, attr->network_key,
 258                                          attr->network_key_len) ||
 259             wps_process_cred_mac_addr(cred, attr->mac_addr))
 260                 return -1;
 261
 262         return wps_workaround_cred_key(cred);
 263 }
 264
 265
 266 int wps_process_ap_settings(struct wps_parse_attr *attr,
 267                             struct wps_credential *cred)
 268 {
 269         wpa_printf(MSG_DEBUG, "WPS: Processing AP Settings");
 270         os_memset(cred, 0, sizeof(*cred));
 271         /* TODO: optional attributes New Password and Device Password ID */
 272         if (wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
 273             wps_process_cred_auth_type(cred, attr->auth_type) ||
 274             wps_process_cred_encr_type(cred, attr->encr_type) ||
 275             wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
 276             wps_process_cred_network_key(cred, attr->network_key,
 277                                          attr->network_key_len) ||
 278             wps_process_cred_mac_addr(cred, attr->mac_addr))
 279                 return -1;
 280
 281         return wps_workaround_cred_key(cred);
 282 }